National Institute of Standards and Technology announces a review of the Secure Hash Standard (SHS)

June 10, 2022

The National Institute of Standards and Technology (“NIST”) has announced a review of FIPS 180-4, Secure Hash Standard (SHS).

In its media release, NIST states:

  1. SHA-1. In recent years, the cryptanalytic attacks on the SHA-1 hash function have become increasingly severe and practical (see, e.g., the 2020 paper “SHA-1 is a Shambles” by Leurent and Peyrin). NIST therefore plans to remove SHA-1 from a revision of FIPS 180-4 and to deprecate and eventually disallow all uses of SHA-1. The Cryptographic Module Validation Program will establish a validation transition schedule.
    • How will this plan impact fielded and planned SHA-1 implementations?
    • What should NIST consider in establishing the timeline for disallowing SHA-1?
  2. Interface. The “Init, Update, Final” interface was part of the SHA-3 Competition submission requirements. Should a revision of FIPS 180-4 discuss the “Init, Update, Final” hash function interface?

The review is quite detailed and, of course, highly technical. 

Some interesting issues:

  • this Standard relates to specific secure hash algorithms: SHA-1, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256.
  • all of the algorithms:
    • are iterative, one-way hash functions that can process a message to produce a condensed representation called a message digest.
    • enable the determination of a message’s integrity: any change to the message will, with a very high probability, result in a different message digest. This is used in the generation and verification of digital signatures and message authentication codes, and in the generation of random numbers or bits.
    • can be described in two stages:
      • preprocessing, which involves padding a message, parsing the padded message into m-bit blocks, and setting initialization values to be used in the hash computation.
      • hash computation, which generates a message schedule from the padded message and uses that schedule, along with functions, constants, and word operations, to iteratively generate a series of hash values. The final hash value is used to determine the message digest.
    • differ most significantly in the security strengths that are provided for the data being hashed.
    • differ in terms of the size of the blocks and words of data that are used during hashing or message digest sizes. Figure 1 presents the basic properties of these hash algorithms.

